Top 5 ways how cybercriminals steal cryptocurrency

Dealing with cryptocurrencies is not rocket science today. Crypto platforms offer you many simple and quick ways to buy Bitcoins, Ether, Ripple, and other digital tokens. As a rule, it takes a few minutes to register and buy your first virtual asset. So, when finding themselves lucky owners of crypto, people sometimes leave no place for some important things like account protection and studying the industry. They’ll likely wait for the market rally to sell cryptocurrency and make money from it. 


Now you’re probably thinking about why learning about cryptocurrencies is as important as keeping your account secure. The answer is simple — knowledge is power. Say, when you know that crypto transactions are irreversible, you’ll check every symbol of the destination wallet before you confirm the fund’s transfer. Because even a little mistake in the wallet address, its format or type can be a reason for a stuck transaction or even lost funds. 

Crypto scams — how do they work?

During the crypto boom in 2020 thousands of people joined the band of crypto enthusiasts. That means more novices in the industry and a rise in crypto scams. Swindlers are hunting for users who don’t know well how to operate with crypto. They have many tricks in their arsenal on how to get access to your wallet or make you send them your digital money. 

We’ve gathered the most common cases in this article so you can recognize the fraud, avoid them and save your money. 

Malware changing the data in your clipboard

It’s not a secret that crypto exchanges have different functionality. Some of them have a wide range of trading instruments, while others have an extended list of supported cryptocurrencies. If you have accounts on different platforms (one for spot trading, one for trading with leverage, and one more for staking crypto), then you’ve probably made a lot of deposit and withdrawal transactions. And you know the golden rule — double-check what crypto you send and where.

Crypto wallets are long strings of letters and numbers, so it’s hard to remember them. So we just copy-paste them every time when need to transfer the cryptocurrencies. Imagine one day you’ve sent funds from one wallet to another and they’ve not arrived. When you check the transaction on a blockchain, you suddenly realize that the recipient’s wallet address is not yours. How could that happen?

The reason can be malware accidentally installed on your laptop, PC, or phone. Some programs can change the data you copy and paste with a clipboard. It replaces the wallet address you enter for withdrawal with the one controlled by a hacker. Thus, even if you copy your destination wallet address, don’t spare your time to check at least a few first and last symbols.

The oldest trick — phishing messages and sites

The method of phishing was described in the 1980s when phone scams were thriving. Later, in the 1990s this term became commonly known because of numerous email attacks when swindlers managed to steal passwords and hijack accounts of AOL users. Then hackers paid their attention to the financial sphere, the one where money is directly involved. 

Phishing is explained in different ways. Modern techniques, for instance, are connected with using emails and social networks, so it’s classified as a cybercrime. Still, the main purpose of phishing is to steal the login credentials that give access to your banking or crypto wallet accounts. 

Mostly, scammers use the name of a trusted company to contact you via email. To recognize them, check carefully the sender’s address. Any typo may be a signal of fraud. 

Phishing schemes usually target a wide audience — they are so-called “bulk” emails. The message doesn’t contain your name in the greetings part and its content convince you to urgently click on the link or open the attachment. For instance, it can be a resetting password confirmation or letter with “Passport” or “Invoice” file in the attachment. The link will direct the recipient to the phishing site used by attackers to get sensitive information, like your wallet password and seed phrase. The attachment probably contains software that will use your computer power for remote crypto mining or replace the wallet address you copy with a clipboard. 

Compromised SMS verification

When creating a crypto wallet you’re mostly asked to enable the multi-factor authentication — set up the 2FA code. Usually, the default 2FA option is an SMS/phone call method. The significant weakness of SMS verification is that messages are not encrypted and hackers can intercept them. 

If possible, use a dedicated 2FA code app such as Authy, Google Authenticator, AndOTP. They generate one-time passwords for your accounts on crypto platforms, mailbox, crypto wallet, online banking, and so on, and no internet connection is required. Yet, the main advantage of this method is that hackers cannot find out your 2FA code unless they steal your smartphone with an authentication app. By the way, don’t forget to set up a graphical passcode, Touch or Face ID on your phone.

Fake hardware wallets

Hardware wallets are considered to be one of the most secure ways to store your crypto. Cold wallets are keeping your funds away from the internet and possible online hack. The most popular hardware wallet provider is Ledger. As the company members state, they have already sold over 3 million wallets. Having such a huge customer base, no wonder they’ve also attracted the attention of crypto scammers.

Because of the data breach in 2020, hackers managed to obtain personal information about Ledger customers, including post addresses. Then, they sent fake hard wallets with malware allowing a scammer to get access to the crypto sent or stored on the device.

No more public Wi-fi

First: because you can not be 100% sure of the security of your connection. Second, following this, hackers can position their own connection spot between you and the wi-fi host. 

Consequences are quite similar: a hacker can get your login and password via the middle-point. Or else, the wi-fi host is a hacker, gathering your credentials. And if you have the cryptocurrency trading app on your smartphone, make sure that the automatic wifi connection is disabled. 

Why choose a crypto platform that follows AML?

Anti-money laundering (AML) regulations are internationally recognized rules aimed to prevent using the financial industry by malicious actors. In other words, banks and crypto platforms that follow AML implement different security measures to deter and prevent criminal activity. 

When a crypto exchange follows the AML regulations, that means scammers have almost no chance to launder their loot. Additionally, a platform will offer you multiple security options to better protect your funds and sensitive data. For example, the CEX.IO platform follows the 5th AML directive, has a level 1 PCI DSS certificate, uses partial cold storage for clients’ funds keeping them offline, uses whitelisting for crypto wallets, and multi-step confirmations for all transactions.